Automated compliance exception approval

US 10,055,249 B2
Filed: 07/14/2017
Issued: 08/21/2018
Est. Priority Date: 11/27/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for automated approval of a non-compliance of a modified configuration of a computer system with at least one compliance rule by a compliance management system, the method comprising:

performing a compliance check of the modified configuration of the computer system by the compliance management system, the modified configuration of the computer system resulting from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system according to a modification pattern, the modification pattern being provided by at least one pre-approved modification pattern as a software package specifying at least one modification to be applied to the initial configuration of the computer system and at least one compliance exception pre-approval assigned to the respective modification pattern, each of the respective at least one pre-approvals specifying a pre-approved non-compliance of at least one of the respective modifications with the at least one compliance rule;

in response to detecting a non-compliance with the at least one compliance rule, comparing the detected non-compliance with the at least one pre-approved non-compliance from the software package provided to the compliance management system by the package management system;

in response to determining that the detected non-compliance is not matching with any of the pre-approved non-compliances, requesting a compliance exception approval for the detected non-compliance; and

approving the detected non-compliance in response to receiving the compliance exception approval for the detected non-compliance.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automated approval of a non-compliance of a modified configuration of a computer system includes performing a compliance check by a compliance management system. The modified configuration results from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system. The modification pattern is provided by a software package that specifies at least one modification to be applied to the initial configuration and at least one compliance exception pre-approval specifying pre-approved non-compliances of modifications with compliance rules. Responsive to detecting a non-compliance, the non-compliance is compared with the pre-approved non-compliances. In response to determining that the detected non-compliances are not matching any pre-approved non-compliances, a compliance exception approval is requested. The detected non-compliance is approved in response to receiving the compliance exception approval for the detected non-compliances.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method for automated approval of a non-compliance of a modified configuration of a computer system with at least one compliance rule by a compliance management system, the method comprising:
- performing a compliance check of the modified configuration of the computer system by the compliance management system, the modified configuration of the computer system resulting from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system according to a modification pattern, the modification pattern being provided by at least one pre-approved modification pattern as a software package specifying at least one modification to be applied to the initial configuration of the computer system and at least one compliance exception pre-approval assigned to the respective modification pattern, each of the respective at least one pre-approvals specifying a pre-approved non-compliance of at least one of the respective modifications with the at least one compliance rule;
  
  in response to detecting a non-compliance with the at least one compliance rule, comparing the detected non-compliance with the at least one pre-approved non-compliance from the software package provided to the compliance management system by the package management system;
  
  in response to determining that the detected non-compliance is not matching with any of the pre-approved non-compliances, requesting a compliance exception approval for the detected non-compliance; and
  
  approving the detected non-compliance in response to receiving the compliance exception approval for the detected non-compliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, the method further comprising:
    - cancelling non-compliant modifications of the initial configuration of the computer system for which no compliance exception approvals are received.
  - 3. The computer-implemented method of claim 1, the modification pattern further comprising machine-readable installation instructions specifying an installation procedure to be applied and machine-readable configuration instructions specifying post-installation configuration adjustments to be applied, the modifying of the first configuration of the first computer system comprising:
    - executing the respective installation instructions; and
      
      executing the respective configuration instructions.
  - 4. The computer-implemented method of claim 1, the computer system comprising a virtual machine and the modifying of the initial configuration of the computer system comprises modifying software installed on the respective virtual machine.
  - 5. The computer-implemented method of claim 1, the compliance exception pre-approval being assigned with a digital signature and an ID identifying an approving authority, the method further comprising:
    - verifying, responsive to receiving the compliance exception pre-approval, the signature and the authorization of the approving authority identified by the ID.
  - 6. The computer-implemented method of claim 1, the pre-approved modification pattern being assigned with a digital signature, the method further comprising:
    - verifying the signature responsive to receiving the pre-approved modification pattern.
  - 7. The computer-implemented method of claim 1, the pre-approved modification pattern further comprising machine-readable mitigation instructions specifying adjustments to be applied to the modifications of the configuration specified by the modification pattern for mitigating non-compliances of the respective modifications, the method further comprising:
    - executing the respective mitigation instructions.

8. A computer program product for automated approval of a non-compliance of a modified configuration of a computer system with one or more compliance rules by a compliance management system, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor being configured to cause the processor to control a computer system to execute a method comprising:
- performing a compliance check of the modified configuration of the computer system by the compliance management system, the modified configuration of the computer system resulting from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system according to a modification pattern, the modification pattern being provided by at least one pre-approved modification pattern as a software package specifying at least one modification to be applied to the initial configuration of the computer system and at least one compliance exception pre-approval assigned to the respective modification pattern, each of the respective at least one pre-approvals specifying a pre-approved non-compliance of at least one of the respective modifications with the at least one compliance rule;
  
  in response to detecting a non-compliance with the at least one compliance rule, comparing the detected non-compliance with the at least one pre-approved non-compliance from the software package provided to the compliance management system by the package management system;
  
  in response to determining that the detected non-compliance is not matching with any of the pre-approved non-compliances, requesting a compliance exception approval for the detected non-compliance; and
  
  approving the detected non-compliance in response to receiving the compliance exception approval for the detected non-compliance.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, where the instructions, where the program instructions executable by the processor cause the processor to control a computer system to execute a method comprising:
    - cancelling non-compliant modifications of the initial configuration of the computer system for which no compliance exception approvals are received.
  - 10. The computer program product of claim 8, the modification pattern further comprising machine-readable installation instructions specifying an installation procedure to be applied and machine-readable configuration instructions specifying post-installation configuration adjustments to be applied, the modifying of the first configuration of the first computer system comprising:
    - executing the respective installation instructions; and
      
      executing the respective configuration instructions.
  - 11. The computer program product of claim 8, the computer system comprising a virtual machine and the modifying of the initial configuration of the computer system comprises modifying software installed on the respective virtual machine.
  - 12. The computer program product of claim 8, the compliance exception pre-approval being assigned with a digital signature and an ID identifying an approving authority, the method further comprising:
    - verifying, responsive to receiving the compliance exception pre-approval, the signature and the authorization of the approving authority identified by the ID.
  - 13. The computer program product of claim 8, the pre-approved modification pattern being assigned with a digital signature, the method further comprising:
    - verifying the signature responsive to receiving the pre-approved modification pattern.
  - 14. The computer program product of claim 8, the pre-approved modification pattern further comprising machine-readable mitigation instructions specifying adjustments to be applied to the modifications of the configuration specified by the modification pattern for mitigating non-compliances of the respective modifications, the method further comprising:
    - executing the respective mitigation instructions.

15. A computer system for automated approval of a non-compliance of a modified configuration of a computer system with one or more compliance rules by a compliance management system, the computer system comprising a memory for storing machine executable instructions and a processor for executing the machine executable instructions, execution of the machine executable instructions by the processor causing the processor to control the computer system to execute a method comprising:
- performing a compliance check of the modified configuration of the computer system by the compliance management system, the modified configuration of the computer system resulting from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system according to a modification pattern, the modification pattern being provided by at least one pre-approved modification pattern as a software package specifying at least one modification to be applied to the initial configuration of the computer system and at least one compliance exception pre-approval assigned to the respective modification pattern, each of the respective at least one pre-approvals specifying a pre-approved non-compliance of at least one of the respective modifications with the at least one compliance rule;
  
  in response to detecting a non-compliance with the at least one compliance rule, comparing the detected non-compliance with the at least one pre-approved non-compliance from the software package provided to the compliance management system by the package management system;
  
  in response to determining that the detected non-compliance is not matching with any of the pre-approved non-compliances, requesting a compliance exception approval for the detected non-compliance; and
  
  approving the detected non-compliance in response to receiving the compliance exception approval for the detected non-compliance.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, where the instructions are operative with the program to execute the program for:
    - cancelling non-compliant modifications of the initial configuration of the computer system for which no compliance exception approvals are received.
  - 17. The computer system of claim 15, the modification pattern further comprising machine-readable installation instructions specifying an installation procedure to be applied and machine-readable configuration instructions specifying post-installation configuration adjustments to be applied, the modifying of the first configuration of the first computer system comprising:
    - executing the respective installation instructions; and
      
      executing the respective configuration instructions.
  - 18. The computer system of claim 15, the computer system comprising a virtual machine and the modifying of the initial configuration of the computer system comprises modifying software installed on the respective virtual machine.
  - 19. The computer system of claim 15, the compliance exception pre-approval being assigned with a digital signature and an ID identifying an approving authority, the method further comprising:
    - verifying, responsive to receiving the compliance exception pre-approval, the signature and the authorization of the approving authority identified by the ID.
  - 20. The computer system of claim 15, the pre-approved modification pattern being assigned with a digital signature, the method further comprising:
    - verifying the signature responsive to receiving the pre-approved modification pattern.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edison Vault, LLC
Original Assignee
International Business Machines Corporation
Inventors
Betzler, Boas, Kuehmichel, Andreas, Nachtwey, Volker, Schleicher, Klaus-Thomas
Primary Examiner(s)
Dada, Beemnet

Application Number

US15/650,639
Publication Number

US 20170315837A1
Time in Patent Office

403 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 8/61   Installation

G06F 9/45558   Hypervisor-specific managem...

Automated compliance exception approval

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated compliance exception approval

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links